Klikki Oy

April 26, 2015
WordPress vulnerable to another comment XSS exploit identified by Klikki.
Read more »
April 20, 2015
Another vulnerability, admin panel stored XSS in Yoast's Google Analytics plug-in identified by Klikki, leading to server-side code execution, affects millions of WordPress sites.
Read more »
April 14, 2015
Adobe released patches for two critical Flash vulnerabilities reported by Klikki: a "double free" bug and unrestricted video/audio recording on the target system.

Read more » Video demo »

April 8, 2015
Safari cross-domain vulnerability found by Klikki affects close to 1 billion mobile and desktop devices (iOS, OS X, Windows). Patches available now. Read more » Vulnerability test »
March 19, 2015
A stored XSS vulnerability in Google Analytics by Yoast can lead to code execution by unauthenticated users, affecting millions of WordPress sites. Read more »
March 12, 2015
Five vulnerabilties, including a critical SQL injection, in WPML (sitepress-multilingual-cms) WordPress plug-in. Patch available. Updated March 13. Read more »
January 31, 2015
Another 0-day to be released soon: WordPress 3.0 - 4.1.1 core stored XSS, vendor notified on November 7. Same impact as the previous but more restricted attack vector.
January 6, 2015
Klikki's pioneering typing test site TyperA goes viral after stories on Huffington Post, MTV, Cosmopolitan, etc.
December 1, 2014
WordPress core XSS proof of concept exploit published. Read more »
November 20, 2014
Critical WordPress security vulnerability discovered by Klikki Oy affects tens of millions of web sites:
Press release »  Technical advisory »  Vulnerability test »
Unpublished zero-days
Interested our unpublished zero-days?  Contact us!

Cyber security

Advisory archive

Customer references

  • Danske Bank
  • Balancion

Game development

Hockey.tk  Socceracy  TyperA